2 Replies Latest reply on Apr 27, 2006 3:28 PM by chris griffith

    SecurityAssociation unexpectedly cleared

    chris griffith Expert

      Dear forum-mates,

      I seem to have myself up against a wall and not sure what to do. My security association is getting all jacked-up.

      I have a client application with the following usecase...

      1 Client performs JAAS login to establish security identity in order to access method a of secured session bean A (this login config has ClientLoginModule as last module in chain)

      2 Client calls A.a() (login of step 1 is good as this method is executed)

      3 Inside A.a(): method b of secured session bean B is called. However, this call uses a run-as identity as configured in A's ejb-jar. This method call occurs

      4 Inside B.b(): create method of secured CMP entity bean C is called. However, this call uses a run-as identity as configured in B's ejb-jar. This method call occurs and resulting object is persisted.

      5 execution resumes in Client.

      6 Client then attempts to call any other method of some secured bean.
      LoginException is thrown as JAAS login is attempted by JBoss.

      What I have noticed is that the SecurityInterceptor of request in step 6 checks with JAASSecurityManger to see if caller "isValid". At this point, the domain cache is saying, "Begin isValid, cache info: null". Meaning that the principal is not stored in cache. However, I have not logged out of LoginContext. In fact, the authentication cache still contains an entry for the authenticted principal. So what must be happening is that the SecurityAssocation for the request is getting cleared.

      I have tried to enable TRACE logging in SecurityAssociation but due to
      http://jira.jboss.com/jira/browse/JBAS-46 My application will not deploy correctly. So I am unable to do TRACE logging to find where the problem is. Finally, I am not the administrator of this JBoss AS 4.0.2 environment, so I can not just upgrade.

      Any suggestions, or pointers as to how to find what is going on?

      thanks a bunch, cgriffith